US9419891B2 - Virtual private network communication system, routing device and method thereof - Google Patents

Info

Publication number
US9419891B2
US9419891B2
Authority
US
United States
Prior art keywords
routing device
server
private network
virtual private
positioning
Prior art date
Legal status
Active, expires
Application number
US13/802,820
Other versions
US20140207958A1 (en)
Inventor
Der-Hwa Tan
Ming-Yen Lai
Min-Wei Huang
Current Assignee
Gemtek Technology Co Ltd
Original Assignee
Gemtek Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Gemtek Technology Co Ltd
Assigned to GEMTEK TECHNOLOGY CO., LTD. (assignment of assignors' interest; assignors: HUANG, Min-wei; LAI, MING-YEN; TAN, DER-HWA)
Publication of US20140207958A1
Application granted
Publication of US9419891B2
Legal status: Active
Adjusted expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/42 Centralised routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/1074 Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • H04L67/327
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/63 Routing a service request depending on the request content or context
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/66 Layer 2 routing, e.g. in Ethernet based MAN's

Definitions

  • the invention relates to an Internet communication system and particularly relates to a virtual private network communication system, a routing device, and a method thereof.
  • the Request for Comments (RFC) No. 1918 issued by the Internet Engineering Task Force (IETF) provides explanations to define the private network and the configuration of virtual IP under the private network.
  • a host provided with a virtual IP in the private network may be connected to an external service by means of a gateway, etc.; however, the host does not have IP-level connectivity to an external network address.
  • When a host in a private network is to be connected to a computer host on the Internet, the connection can be achieved by network address translation (NAT). Nevertheless, when the other host to which this host is to be connected is itself in another private network, a virtual private network (VPN) framework is required between the two private networks, so that messages can be transmitted between them via the Internet.
  • the virtual private network utilizes an encrypted tunneling protocol to provide security properties for private messages, e.g. confidentiality, endpoint authentication and message integrity, such that messages in the private networks cannot be acquired by an external host or user.
  • however, with current methods of establishing a tunneling protocol, this requires complicated connection and configuration steps. Therefore, how to establish connections between virtual private networks in a simpler way while maintaining the security of the transmitted messages is an important issue in this field.
  • the invention provides a virtual private network communication system, a routing device, and a method thereof for hosts belonging to different private networks to perform network communication directly by a simple connection method.
  • the invention provides a virtual private network communication system that includes a server and a plurality of routing devices.
  • the routing devices respectively transmit registration information to the server, wherein the registration information includes a recognition string.
  • the routing devices include a first routing device and a second routing device.
  • the first routing device transmits a positioning request to the server, and the server transmits the positioning request to a part of or all of the routing devices according to the recognition string.
  • the second routing device receives the positioning request, the second routing device transmits positioning information according to the positioning request to the first routing device via the server.
  • the first routing device directly establishes a connection with the second routing device according to the positioning information and transmits data after the connection is established.
  • the invention provides a routing device adapted for a virtual private network communication system, and the routing device includes: a network interface unit and a processing unit.
  • the network interface unit is connected to a server via the Internet.
  • the processing unit is coupled to the network interface unit and transmits registration information to the server via the network interface unit, wherein the registration information includes a recognition string.
  • the processing unit further transmits a positioning request to the server via the network interface unit.
  • the processing unit receives positioning information from the server via the network interface unit, and the processing unit directly connects to a remote routing device via the network interface unit according to the positioning information and transmits data after the connection is established.
  • the invention provides a virtual private network communication method that includes the following steps. First, registration information is transmitted to a server in the virtual private network communication system, wherein the registration information includes a recognition string. Next, a positioning request is transmitted to the server. Then, positioning information is received from the server, and a remote routing device is directly connected according to the positioning information. Thereafter, data is transmitted after the connection is established.
  • the invention provides a virtual private network communication system, a routing device, and a method thereof, which utilize the positioning request and the recognition string for registration in the server and then use the server to exchange positioning information, so as to achieve communication between the private networks and establish connection, thereby achieving the virtual private network.
  • FIG. 1 is a block diagram of a virtual private network communication system according to an embodiment of the invention.
  • FIG. 2 is a timing flowchart of a virtual private network communication system according to an embodiment of the invention.
  • FIG. 3 is a data structure diagram of a positioning request according to an embodiment of the invention.
  • FIG. 4 is a block diagram of a routing device according to an embodiment of the invention.
  • FIG. 5 is a flowchart illustrating a virtual private network communication method according to an embodiment of the invention.
  • FIG. 1 is a block diagram of a virtual private network (VPN) communication system according to an embodiment of the invention.
  • a virtual private network communication system 10 includes a server 110 and routing devices 120 and 130 .
  • the virtual private network communication system 10 may include a plurality of routing devices. To make the disclosure more comprehensible, only the routing devices 120 and 130 are illustrated in this embodiment as an example.
  • the routing devices 120 and 130 respectively function as doorways of private networks 150 and 160 to an Internet 140 outside and provide services, e.g. network address translation (NAT), to each host in the private networks 150 and 160 .
  • the private network 150 includes hosts 151 - 153 therein, and the routing device 120 assigns a virtual Internet protocol address in a virtual subnet to each of the hosts 151 - 153 .
  • the routing device 120 uses the network address translation service to translate the virtual Internet protocol addresses in the virtual subnet to a physical address on the Internet and thereby receives and forwards the transmission data of each host (hosts 151 - 153 ) in the private network 150 .
  • the relationship between the routing device 130 and the private network 160 is the same as the relationship between the routing device 120 and the private network 150 and thus will be omitted hereinafter.
  • the routing devices 120 and 130 serve as the doorways for the private networks 150 and 160 and usually provide the NAT service, or equipment having the NAT service may exist between the routing devices 120 and 130 and the Internet. Therefore, it becomes more difficult to convert the private networks 150 and 160 into virtual private networks (VPN). Accordingly, the invention provides a simpler way to establish a virtual private network communication system between the private networks and, through the mechanism of the virtual private network communication system, enables the hosts of the private networks to perform peer to peer transmission.
  • the routing devices 120 and 130 are connected with each other via the Internet 140 and the server 110 and respectively transmit registration information RI to the server 110 , wherein the registration information RI includes a recognition string.
  • the server 110 utilizes the recognition string to determine whether to combine the private networks 150 and 160 , to which the routing devices 120 and 130 belong, into a virtual private network.
  • After the server 110 receives and records the registration information RI respectively transmitted by multiple routing devices, the routing device 120 sends a positioning request PR to the server 110 .
  • the server 110 transmits the positioning request PR to a part of or all of the routing devices (e.g. the routing device 130 ) according to the recognition string.
  • the routing device 130 receives the positioning request PR
  • the routing device 130 transmits positioning information PI to the routing device 120 via the server 110 according to the positioning request PR.
  • the routing device 120 directly establishes a connection with the routing device 130 according to the positioning information PI and transmits data DAT after the connection is established.
  • FIG. 2 is a timing flowchart of a virtual private network communication system according to an embodiment of the invention.
  • the timing flowchart of the virtual private network communication system 10 may be divided into three main parts, wherein the first part is a registration procedure corresponding to Steps S 201 -S 203 , the second part is a positioning procedure corresponding to Steps S 204 -S 212 , and the third part is a connection procedure corresponding to Steps S 213 -S 215 .
  • each of the routing devices e.g. the routing devices 120 and 130 , in the virtual private network communication system transmits registration information to the server 110 (Steps S 201 and S 202 ).
  • the registration information includes a recognition string, a media access control (MAC) address of the routing device, and a MAC address of the server 110 .
  • Each of the routing devices transmits the registration information to the server 110 according to the MAC address of the server 110 .
  • After receiving the registration information transmitted from each of the routing devices, the server 110 stores a name, the recognition string, and the MAC address of each of the routing devices in a registration form (Step S 203 ).
  • the server 110 may be used to process several virtual private networks at the same time and may utilize the recognition strings to determine whether the routing devices in the virtual private network communication system 10 belong to different virtual private networks. If the registration information RI transmitted by several routing devices (for example the routing devices 120 and 130 ) includes the same recognition string, the server 110 determines that these routing devices having the same recognition string belong to the same virtual private network. Accordingly, the steps of the second part are executed.
  • the routing device 120 transmits a positioning request to the server 110 (Step S 204 ). Before transmitting the positioning request, the routing device 120 may receive a connection request from one of the hosts (e.g. one of the hosts 151 - 153 shown in FIG. 1 ) in the private network thereof (e.g. the private network 150 shown in FIG. 1 ), which requests to connect with one host in another private network (e.g. one of the hosts 161 - 163 in the private network 160 ), and the routing device 120 transmits the positioning request to the server 110 responsive to the connection request.
  • FIG. 3 is a data structure diagram of the positioning request according to an embodiment of the invention.
  • a positioning request 30 includes a header 310 and a data content 320 .
  • the header 310 includes an Ethernet header 311 , an Internet protocol (IP) header 312 , and a user datagram protocol (UDP) header 313 for transmitting the positioning request 30 from the routing device 120 to the server 110 via the Internet.
  • the positioning request 30 utilizes a transport layer protocol of UDP considering the advantages of simplicity and quickness.
  • the invention is not limited thereto, and other protocols such as transmission control protocol (TCP) may be used.
  • the data content 320 includes an Ethernet header 321 and a payload 322 . It is noticed that, generally speaking, the content recorded in the Ethernet header 321 includes a MAC address of a previous object of the transmission (e.g. a node in the network) and a MAC address of a next object to which the packet is to be transmitted.
  • the MAC addresses in the Ethernet header 321 of the data content 320 include a MAC address of a transmitter (e.g. the routing device 120 ) and a MAC address of the last receiver (e.g. the server 110 ).
  • the last receiver of the positioning request 30 transmitted by the routing device 120 is the server 110 .
  • the server 110 can process the header 310 and determine from the Ethernet header 321 that the last receiver of the positioning request 30 is the server 110 , and further interpret the data content.
  • the payload 322 in the data content includes a recognition string and an address inquiry message.
  • the recognition string may be used to make the server 110 reconfirm the virtual private network to which the routing device 120 belongs.
  • the address inquiry message is an encrypted message and includes a virtual IP address, which is the virtual IP address of the object that is to be connected.
  • the virtual IP address is included in the connection request received by the routing device 120 and transmitted by the host (one of the hosts 151 - 153 ) of the private network 150 .
  • the address inquiry message before encryption is written in accordance with an address resolution protocol (ARP) format, so as to be parsed by the recipient routing device, e.g. the routing device 130 .
  • the address inquiry message may be written in accordance with an Internet control message protocol version 6 (ICMPv6) format under IPv6.
  • the routing device 120 uses the recognition string as a key to encrypt the address inquiry message.
  • the key may be generated using a specific algorithm based on the recognition string or other information common to the routing devices and the server.
  • the invention is not limited to the above.
  • the server 110 parses the positioning request after receiving the positioning request, so as to verify the Ethernet header 321 and the content in the recognition string of the payload 322 (Step S 205 ).
  • the server 110 directly forwards the positioning request to all the routing devices of the virtual private network, i.e. all the routing devices in the registration form, which have the same recognition string as the positioning request or the routing device 120 .
  • the Ethernet header 321 of the data content 320 in the positioning request 30 is rewritten by the server 110 .
  • the last receiver of the Ethernet header 321 is rewritten as the aforementioned routing devices that have the same recognition string by the server 110 , and the position of the transmitter remains to be the transmitter of the positioning request, i.e. the routing device 120 .
  • After rewriting the Ethernet header 321 in the data content 320 for each of the routing devices, the server 110 respectively transmits the positioning request to each of the routing devices in the virtual private network by unicast (Step S 206 ).
  • the aforementioned unicast resembles a broadcast operation that the server 110 performs to all the routing devices having the same recognition string. However, because the rewritten Ethernet header differs slightly for each recipient, the operation is carried out as a series of unicasts rather than a single broadcast.
  • the routing devices parse the positioning request to decrypt the address inquiry message therein (Step S 207 ). Next, the routing devices verify whether the virtual IP address in the address inquiry message is in the virtual subnet of the private network thereof (Step S 208 ). If one routing device determines that the virtual IP address in the address inquiry message is not in the virtual subnet of the private network thereof, the routing device discards/ignores the positioning request directly (Step S 209 ).
  • the virtual IP address included in the address inquiry message is the virtual IP address of one of the hosts 161 - 163 in the private network 160 , to which the routing device 130 belongs. Therefore, the routing device 130 determines that the virtual IP address in the address inquiry message is in the virtual subnet of the private network thereof.
  • the routing device 130 may acquire the MAC address of the transmitter of the positioning request, i.e. the routing device 120 , from the Ethernet header 321 of the data content 320 of the positioning request. Accordingly, the routing device 130 transmits positioning information to the routing device 120 via the server 110 (Steps S 210 and S 211 ).
  • the data structure of the positioning information is the same as the data structure of the positioning request, as illustrated in FIG. 3 .
  • the routing device 130 fills the MAC address of the routing device 120 in a field of receiver in the Ethernet header of the data content of the positioning information.
  • the server 110 may directly determine that the positioning information needs to be forwarded to the routing device 120 according to the Ethernet header of the data content when receiving the positioning information.
  • the data content of the positioning information further includes an encrypted positioning message, which includes a description indicating that the virtual IP address is in the virtual subnet of the private network 160 of the routing device 130 .
  • a method for encrypting the positioning message and a data format thereof are similar to those of the address inquiry message and thus will not be repeated hereinafter.
  • After receiving the positioning information, the routing device 120 parses the positioning information and decrypts the positioning message in the positioning information to acquire a private network portal, i.e. the routing device 130 , corresponding to the virtual IP address in the positioning request (Step S 212 ). Accordingly, the virtual private network communication system 10 completes the positioning procedure of the second part.
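The registration and positioning procedures above (Steps S 201 to S 212) are easier to follow as running code. The following simulation is an added example and not code from the patent or from Gemtek: it models the registration form, a positioning request whose address inquiry message is an ARP-style "who-has" line encrypted under a key derived from the recognition string, the server's verification and per-recipient rewriting of the inner Ethernet header, and the recipient's check of the virtual IP against its own virtual subnet. The MAC addresses, the 10.1.2.0/24 subnet, the "OTHER" recognition string and the nonce field are constructed for the example; the hashing step in `derive_key` and the HMAC-counter keystream in `xor_keystream` stand in for the key algorithm and cipher the patent leaves unspecified. The example also shows a consequence the patent's key scheme implies: since the server holds the recognition string, it can derive the same key, so the encryption shields the inquiry from third parties on the path, not from the rendezvous server.

```python
"""Registration and positioning procedures of FIG. 2 (Steps S201-S212), simulated end to end."""
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass, replace

# Constructed sample value: hypothetical MAC address of the server 110.
SERVER_MAC = "02:00:00:00:00:01"


def derive_key(recognition_string: str) -> bytes:
    # The patent uses the recognition string as the key; hashing it to a fixed-length key is
    # this example's assumption. The server knows the string, so it can derive this key too.
    return hashlib.sha256(recognition_string.encode()).digest()


def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Illustrative HMAC-counter stream standing in for the cipher the patent leaves unspecified.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class Message:
    """Data content 320: inner Ethernet header 321 plus payload 322."""
    eth_src: str        # transmitter MAC
    eth_dst: str        # last receiver MAC (rewritten by the server when forwarding)
    recognition: str    # recognition string carried in the payload
    nonce: bytes        # constructed field so each encryption uses a fresh keystream
    ciphertext: bytes   # encrypted address inquiry message or positioning message


class Server:
    def __init__(self) -> None:
        self.registration_form = {}  # MAC -> (device name, recognition string), Step S203

    def register(self, name: str, mac: str, recognition: str) -> None:
        self.registration_form[mac] = (name, recognition)

    def forward_positioning_request(self, req: Message) -> list:
        # Step S205: verify the inner Ethernet header and the recognition string.
        if req.eth_dst != SERVER_MAC:
            raise ValueError("positioning request not addressed to the server")
        entry = self.registration_form.get(req.eth_src)
        if entry is None or entry[1] != req.recognition:
            raise ValueError("transmitter unregistered or recognition string mismatch")
        # Step S206: rewrite the receiver MAC and unicast one copy per peer of the same VPN.
        return [replace(req, eth_dst=mac)
                for mac, (_, rec) in self.registration_form.items()
                if mac != req.eth_src and rec == req.recognition]

    def forward_positioning_info(self, info: Message) -> str:
        # Step S211: the receiver is taken directly from the inner Ethernet header.
        return info.eth_dst


class RoutingDevice:
    def __init__(self, name: str, mac: str, recognition: str, subnet: str) -> None:
        self.name, self.mac, self.recognition = name, mac, recognition
        self.subnet = ipaddress.ip_network(subnet)
        self.key = derive_key(recognition)

    def _seal(self, dst_mac: str, plaintext: str) -> Message:
        nonce = os.urandom(8)
        return Message(self.mac, dst_mac, self.recognition, nonce,
                       xor_keystream(self.key, nonce, plaintext.encode()))

    def _open(self, msg: Message) -> str:
        return xor_keystream(self.key, msg.nonce, msg.ciphertext).decode()

    def build_positioning_request(self, target_vip: str) -> Message:
        # Step S204: ARP-style "who-has" inquiry for the virtual IP, encrypted before sending.
        return self._seal(SERVER_MAC, f"who-has {target_vip} tell {self.mac}")

    def handle_positioning_request(self, req: Message):
        # Steps S207-S208: decrypt and check the virtual IP against the own virtual subnet.
        vip = ipaddress.ip_address(self._open(req).split()[1])
        if vip not in self.subnet:
            return None  # Step S209: discard the request
        # Step S210: positioning message naming this device as the portal for that subnet.
        return self._seal(req.eth_src, f"is-at {self.mac} for {vip} in {self.subnet}")

    def handle_positioning_info(self, info: Message) -> str:
        # Step S212: the transmitter of the positioning information is the private network portal.
        assert self._open(info).startswith(f"is-at {info.eth_src}")
        return info.eth_src


def run_positioning(target_vip: str) -> list:
    """Return the portal MAC(s) that routing device 120 learns for target_vip."""
    server = Server()
    rd120 = RoutingDevice("RD120", "02:00:00:00:01:20", "SMB", "10.1.2.0/24")
    rd130 = RoutingDevice("RD130", "02:00:00:00:01:30", "SMB", "10.2.3.0/24")
    # Same subnet but a different recognition string: a different VPN, never consulted.
    rd140 = RoutingDevice("RD140", "02:00:00:00:01:40", "OTHER", "10.2.3.0/24")
    devices = {d.mac: d for d in (rd120, rd130, rd140)}
    for d in devices.values():                       # Steps S201-S203
        server.register(d.name, d.mac, d.recognition)
    req = rd120.build_positioning_request(target_vip)
    replies = [devices[c.eth_dst].handle_positioning_request(c)
               for c in server.forward_positioning_request(req)]
    return [devices[server.forward_positioning_info(r)].handle_positioning_info(r)
            for r in replies if r is not None]
```

Calling `run_positioning("10.2.3.100")` returns the MAC of RD130 only, even though RD140 serves the same virtual subnet, because the server never forwards across recognition strings; `run_positioning("10.9.9.9")` returns an empty list, since every recipient discards the request at Step S 209 and the requester learns nothing.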
  • the connection procedure of the third part is performed.
  • the routing device 120 directly transmits a connection request to the routing device 130 according to the content of the positioning information, so as to establish the connection (Step S 213 ).
  • the routing device 130 verifies the connection request and responds to the connection request by sending back a response message to the routing device 120 (Step S 214 ). Accordingly, the routing device 120 establishes the connection with the routing device 130 (Step S 215 ).
  • The connection established between the routing devices 120 and 130 is a peer to peer (P2P) connection conforming to Internet Protocol Security (IPSec), such that the private networks 150 and 160 , to which the routing devices 120 and 130 belong, can combine into one virtual private network.
  • the data content in the registration information that the routing device 120 transmits to the server 110 includes:
  • the first two are Ethernet headers, which are the MAC addresses of the routing device 120 (transmitter) and the server 110 (receiver).
  • the third information is a recognition string SMB.
  • the data content in the registration information that the routing device 130 transmits to the server includes:
  • After receiving the registration information, the server 110 records the data content of the registration information in the registration form as shown below:
  • Name of device may be selectively implemented and may be attached to the registration information for transmission.
  • the routing device 120 transmits a positioning request, as shown below:
  • the fourth information is the encrypted address inquiry message.
  • After receiving the aforementioned positioning request, the server 110 forwards the positioning request to the other routing devices having the same recognition string “SMB” in the virtual private network communication system 10 , i.e. the routing device 130 in this embodiment.
  • the MAC address of the receiver of the second information has been rewritten into the MAC address of the routing device 130 .
  • the routing device 130 also has a connection list stored therein, and after parsing the positioning request, the routing device 130 also stores a connection method of the routing device 120 in the connection list:
  • the UDP connection method Sock0 indicates that in this stage, the routing device 120 can transmit various data to the routing device 130 through connection with the server.
  • the routing device 130 sends the positioning information to the routing device 120 via Sock0, i.e. via the forwarding path of the server 110 .
  • the data content of the positioning information includes the following information:
  • the routing device 120 determines that the routing device corresponding to the virtual IP address 10.2.3.100 is the routing device 130 by parsing the positioning message in the positioning information.
  • the routing device 120 adds the routing device 130 to the connection list:
  • the routing device 120 establishes the connection with the routing device 130 according to the positioning information.
  • the connection list of the routing device 120 and the routing device 130 is updated as:
  • the UDP connection method Sock1 indicates that the routing devices 120 and 130 are capable of exchanging data in the P2P way.
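The connection-list tables of the worked example are not reproduced on this page, so the following added example (not code from the patent or from Gemtek) models the bookkeeping they describe: a peer is first recorded with connection method Sock0, reachable only through the server's forwarding path, and is promoted to Sock1 once the connection procedure of Steps S 213 to S 215 completes, after which data for a virtual IP in that peer's subnet goes directly peer to peer. The MAC addresses are constructed; 10.2.3.100 and 10.2.3.0/24 follow the worked example. That RD130's entry for RD120 carries no subnet is an assumption, since the positioning request names only the virtual IP being sought.

```python
"""Connection-list bookkeeping: Sock0 (relayed through the server) becomes Sock1 (direct P2P)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

SOCK0 = "Sock0"   # UDP path through the server's forwarding
SOCK1 = "Sock1"   # direct UDP P2P path, available after Step S215

# Constructed sample values: hypothetical MAC addresses of routing devices 120 and 130.
MAC120, MAC130 = "02:00:00:00:01:20", "02:00:00:00:01:30"


@dataclass
class PeerEntry:
    peer_mac: str
    subnet: Optional[ipaddress.IPv4Network]   # None until a positioning message reveals it
    method: str


class ConnectionList:
    def __init__(self) -> None:
        self.entries: dict = {}

    def learn_peer(self, peer_mac: str, subnet: Optional[str] = None) -> None:
        # Entry created while parsing a positioning request or positioning information.
        net = ipaddress.ip_network(subnet) if subnet else None
        self.entries[peer_mac] = PeerEntry(peer_mac, net, SOCK0)

    def mark_connected(self, peer_mac: str) -> None:
        # Step S215: the P2P connection is up; the peer may now be reached directly.
        self.entries[peer_mac].method = SOCK1

    def path_for(self, dst_vip: str):
        # Select the peer whose virtual subnet contains the destination. None means a new
        # positioning request is required before data for that address can be forwarded.
        ip = ipaddress.ip_address(dst_vip)
        for e in self.entries.values():
            if e.subnet is not None and ip in e.subnet:
                return e.peer_mac, e.method
        return None


def worked_example() -> dict:
    rd120, rd130 = ConnectionList(), ConnectionList()
    rd130.learn_peer(MAC120)                    # RD130 parses the forwarded positioning request
    rd120.learn_peer(MAC130, "10.2.3.0/24")     # RD120 parses the positioning message (Step S212)
    before = rd120.path_for("10.2.3.100")       # still relayed via the server at this stage
    for cl, peer in ((rd120, MAC130), (rd130, MAC120)):
        cl.mark_connected(peer)                 # Step S215 on both sides
    after = rd120.path_for("10.2.3.100")
    return {"before": before, "after": after,
            "unknown": rd120.path_for("10.9.9.9"),
            "rd130_method": rd130.entries[MAC120].method}
```

`worked_example()` returns `("02:00:00:00:01:30", "Sock0")` for the lookup made before the connection procedure and `("02:00:00:00:01:30", "Sock1")` afterwards; a destination outside every known subnet yields `None`, which is the condition under which a routing device issues a fresh positioning request.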
  • FIG. 4 is a block diagram of a routing device according to an embodiment of the invention.
  • a routing device 40 includes a network interface unit 410 and a processing unit 420 .
  • the network interface unit 410 is connected to a server via the Internet.
  • the processing unit 420 is coupled to the network interface unit 410 and transmits registration information RI to the server via the network interface unit 410 , wherein the registration information RI includes a recognition string.
  • the processing unit 420 further transmits a positioning request PR to the server via the network interface unit 410 .
  • the processing unit 420 receives positioning information PI from the server via the network interface unit 410 , and the processing unit 420 directly connects to a remote routing device via the network interface unit 410 according to the positioning information PI and transmits data after the connection is established.
  • When actually applied, the routing device 40 usually includes a sub-network interface unit (not shown) for connecting the hosts in the private network thereof (e.g. the private network 150 and the hosts 151 - 153 shown in FIG. 1 ) and exchanging data therebetween.
  • FIG. 5 is a flowchart illustrating a virtual private network communication method according to an embodiment of the invention.
  • the virtual private network communication method includes the following steps. First, in Step S 501 , registration information is transmitted to a server in the virtual private network communication system, wherein the registration information includes a recognition string. Then, in Step S 502 , a positioning request is transmitted to the server. Next, in Step S 503 , positioning information is received from the server, and a remote routing device is directly connected according to the positioning information. Thereafter, in Step S 504 , data is transmitted after the connection is established. Details of the virtual private network communication method may be found in the descriptions of the embodiments of FIG. 1 to FIG. 3 and thus will not be repeated hereinafter.
  • the invention provides a virtual private network communication system, a routing device, and a method thereof for performing operations, such as registration procedure, positioning procedure, and connection procedure, to complete the communication connection between the routing devices and private networks thereof in the virtual private network communication system.
  • the system further utilizes a recognition string to distinguish virtual private networks, and positions the virtual IP address of the private network according to the positioning request and the recognition string included therein, to achieve P2P transmission between two private networks. Even if both routing devices are behind NAT equipment, the connection of the virtual private network can still be established in a simple way.
  • the recognition string can serve as the basis of the encrypted message to simplify the transmission of the key.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)

Abstract

A virtual private network communication system, a routing device and a method thereof are provided. The system includes a server and a plurality of routing devices. The routing devices respectively transmit registration information to the server, wherein the registration information includes a recognition string. The routing devices include a first routing device and a second routing device. The first routing device transmits a positioning request to the server, and the server transmits the positioning request to a part of or all of the routing devices according to the recognition string. When the second routing device receives the positioning request, the second routing device transmits positioning information according to the positioning request to the first routing device via the server. The first routing device directly establishes a connection with the second routing device according to the positioning information and transmits data after the connection is established.

Description

CROSS-REFERENCE TO RELATED APPLICATION
This application claims the priority benefit of Taiwan application serial no. 102102047, filed on Jan. 18, 2013. The entirety of the above-mentioned patent application is hereby incorporated by reference herein and made a part of this specification.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates to an Internet communication system and particularly relates to a virtual private network communication system, a routing device, and a method thereof.
2. Description of Related Art
As the Internet grows rapidly, under the framework of Internet Protocol Version 4 (IPv4), public Internet protocol addresses (public IP addresses) are becoming insufficient for the fast growing number of network users. Since the concept of the private network, or enterprise Intranet, was proposed, private networks have come to be used extensively by many organizations.
The Request for Comments (RFC) No. 1918 issued by the Internet Engineering Task Force (IETF) provides explanations to define the private network and the configuration of virtual IP under the private network. Basically, a host provided with a virtual IP in the private network may be connected to an external service by means of a gateway, etc.; however, the host does not have IP-level connectivity to an external network address.
When a host in a private network is to be connected to a computer host on the Internet, the connection can be achieved by network address translation (NAT). Nevertheless, when the other host to which this host is to be connected is itself in another private network, a virtual private network (VPN) framework is required between the two private networks, so that messages can be transmitted between them via the Internet. The virtual private network utilizes an encrypted tunneling protocol to provide security properties for private messages, e.g. confidentiality, endpoint authentication and message integrity, such that messages in the private networks cannot be acquired by an external host or user. However, with current methods of establishing a tunneling protocol, this requires complicated connection and configuration steps. Therefore, how to establish connections between virtual private networks in a simpler way while maintaining the security of the transmitted messages is an important issue in this field.
SUMMARY OF THE INVENTION
The invention provides a virtual private network communication system, a routing device, and a method thereof for hosts belonging to different private networks to perform network communication directly by a simple connection method.
The invention provides a virtual private network communication system that includes a server and a plurality of routing devices. The routing devices respectively transmit registration information to the server, wherein the registration information includes a recognition string. The routing devices include a first routing device and a second routing device. The first routing device transmits a positioning request to the server, and the server transmits the positioning request to a part of or all of the routing devices according to the recognition string. When the second routing device receives the positioning request, the second routing device transmits positioning information according to the positioning request to the first routing device via the server. The first routing device directly establishes a connection with the second routing device according to the positioning information and transmits data after the connection is established.
The invention provides a routing device adapted for a virtual private network communication system, and the routing device includes: a network interface unit and a processing unit. The network interface unit is connected to a server via the Internet. The processing unit is coupled to the network interface unit and transmits registration information to the server via the network interface unit, wherein the registration information includes a recognition string. The processing unit further transmits a positioning request to the server via the network interface unit. The processing unit receives positioning information from the server via the network interface unit, and the processing unit directly connects to a remote routing device via the network interface unit according to the positioning information and transmits data after the connection is established.
The invention provides a virtual private network communication method that includes the following steps. First, registration information is transmitted to a server in the virtual private network communication system, wherein the registration information includes a recognition string. Next, a positioning request is transmitted to the server. Then, positioning information is received from the server, and a remote routing device is directly connected according to the positioning information. Thereafter, data is transmitted after the connection is established.
Based on the above, the invention provides a virtual private network communication system, a routing device, and a method thereof, in which the routing devices register with the server using a recognition string, the server forwards positioning requests and relays the resulting positioning information between them, and the routing devices then connect directly, so that communication between the private networks is established and a virtual private network is formed.
To make the aforementioned and other features and advantages of the invention more comprehensible, several embodiments accompanied with figures are described in detail below.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification. The drawings illustrate exemplary embodiments of the invention and, together with the description, serve to explain the principles of the invention.
FIG. 1 is a block diagram of a virtual private network communication system according to an embodiment of the invention.
FIG. 2 is a timing flowchart of a virtual private network communication system according to an embodiment of the invention.
FIG. 3 is a data structure diagram of a positioning request according to an embodiment of the invention.
FIG. 4 is a block diagram of a routing device according to an embodiment of the invention.
FIG. 5 is a flowchart illustrating a virtual private network communication method according to an embodiment of the invention.
DESCRIPTION OF THE EMBODIMENTS
FIG. 1 is a block diagram of a virtual private network (VPN) communication system according to an embodiment of the invention. Referring to FIG. 1, a virtual private network communication system 10 includes a server 110 and routing devices 120 and 130. In fact, the virtual private network communication system 10 may include any number of routing devices. To keep the disclosure comprehensible, only the routing devices 120 and 130 are illustrated as examples in this embodiment.
The routing devices 120 and 130 respectively serve as the doorways from the private networks 150 and 160 to the outside Internet 140 and provide services, e.g. network address translation (NAT), to each host in the private networks 150 and 160. For example, the private network 150 includes the hosts 151-153, and the routing device 120 assigns each of the hosts 151-153 a virtual Internet protocol address in a virtual subnet. When the hosts 151-153 connect to the Internet 140 via the routing device 120, the routing device 120 uses the network address translation service to translate the virtual Internet protocol addresses in the virtual subnet to a public address on the Internet, and thereby receives and forwards the transmitted data of each host (hosts 151-153) in the private network 150.
The relationship between the routing device 130 and the private network 160 is the same as the relationship between the routing device 120 and the private network 150 and thus will be omitted hereinafter.
Because the routing devices 120 and 130 serve as the doorways of the private networks 150 and 160 and usually provide the NAT service, and because further equipment providing NAT may exist between the routing devices 120 and 130 and the Internet, it is correspondingly more difficult to combine the private networks 150 and 160 into a virtual private network (VPN). Accordingly, the invention provides a simpler way to establish a virtual private network communication system between the private networks and, through the mechanism of that system, enables the hosts of the private networks to perform peer to peer transmission.
In an embodiment of the invention, the routing devices 120 and 130 are connected with each other via the Internet 140 and the server 110 and respectively transmit registration information RI to the server 110, wherein the registration information RI includes a recognition string. Herein, the server 110 utilizes the recognition string to determine whether to combine the private networks 150 and 160, to which the routing devices 120 and 130 belong, into a virtual private network.
After the server 110 has received and recorded the registration information RI transmitted by the respective routing devices, the routing device 120 sends a positioning request PR to the server 110. The server 110 transmits the positioning request PR to some or all of the routing devices (e.g. the routing device 130) according to the recognition string. When one of the routing devices, e.g. the routing device 130, receives the positioning request PR, it transmits positioning information PI to the routing device 120 via the server 110 according to the positioning request PR. The routing device 120 then directly establishes a connection with the routing device 130 according to the positioning information PI and transmits data DAT after the connection is established. To explain the disclosure in further detail, several embodiments are described below with reference to the accompanying drawings.
FIG. 2 is a timing flowchart of a virtual private network communication system according to an embodiment of the invention. Referring to FIG. 2, the timing flowchart of the virtual private network communication system 10 may be divided into three main parts, wherein the first part is a registration procedure corresponding to Steps S201-S203, the second part is a positioning procedure corresponding to Steps S204-S212, and the third part is a connection procedure corresponding to Steps S213-S215.
First, in the registration procedure of the first part, each of the routing devices, e.g. the routing devices 120 and 130, in the virtual private network communication system transmits registration information to the server 110 (Steps S201 and S202). The registration information includes a recognition string, a media access control (MAC) address of the routing device, and a MAC address of the server 110. Each of the routing devices transmits the registration information to the server 110 according to the MAC address of the server 110. After receiving the registration information transmitted from each of the routing devices, the server 110 stores a name, the recognition string, and the MAC address of each of the routing devices in a registration form (Step S203).
The server 110 may be used to process several virtual private networks at the same time and may utilize the recognition strings to determine whether the routing devices in the virtual private network communication system 10 belong to different virtual private networks. If the registration information RI transmitted by several routing devices (for example the routing devices 120 and 130) includes the same recognition string, the server 110 determines that these routing devices having the same recognition string belong to the same virtual private network. Accordingly, the steps of the second part are executed.
The positioning procedure of the second part is executed after the registration procedure is completed. Referring to FIG. 2, the routing device 120 transmits a positioning request to the server 110 (Step S204). Before transmitting the positioning request, the routing device 120 may receive a connection request from one of the hosts (e.g. one of the hosts 151-153 shown in FIG. 1) in the private network thereof (e.g. the private network 150 shown in FIG. 1), which requests to connect with one host in another private network (e.g. one of the hosts 161-163 in the private network 160), and the routing device 120 transmits the positioning request to the server 110 responsive to the connection request.
FIG. 3 is a data structure diagram of the positioning request according to an embodiment of the invention. Referring to FIG. 3, a positioning request 30 includes a header 310 and a data content 320. Specifically, the header 310 includes an Ethernet header 311, an Internet protocol (IP) header 312, and a user datagram protocol (UDP) header 313, which carry the positioning request 30 from the routing device 120 to the server 110 over the Internet. It should be noted that, in this embodiment, the positioning request 30 uses UDP as its transport layer protocol for its simplicity and speed. However, the invention is not limited thereto, and other protocols such as the transmission control protocol (TCP) may be used.
The data content 320 includes an Ethernet header 321 and a payload 322. Note that, generally speaking, an Ethernet header records the MAC address of the previous node that handled the packet and the MAC address of the next node to which it is to be transmitted. By contrast, the MAC addresses in the Ethernet header 321 of the data content 320 are the MAC address of the transmitter (e.g. the routing device 120) and the MAC address of the last receiver (e.g. the server 110). The last receiver of the positioning request 30 transmitted by the routing device 120 is the server 110. Thus, when the server 110 receives the positioning request 30, it can process the header 310, determine from the Ethernet header 321 that it is the last receiver, and then interpret the data content.
The payload 322 in the data content includes a recognition string and an address inquiry message. The recognition string lets the server 110 reconfirm the virtual private network to which the routing device 120 belongs. The address inquiry message is encrypted and includes a virtual IP address, namely the virtual IP address of the object to be connected. This virtual IP address comes from the connection request that the routing device 120 received from a host (one of the hosts 151-153) of the private network 150. In this embodiment, the address inquiry message before encryption is written in the address resolution protocol (ARP) format, so that it can be parsed by the recipient routing device, e.g. the routing device 130. In an embodiment where the invention is applied to Internet Protocol version 6 (IPv6), the address inquiry message may be written in the Internet control message protocol version 6 (ICMPv6) format used under IPv6. However, the invention is not limited to the above.
In addition, in this embodiment, the routing device 120 uses the recognition string as a key to encrypt the address inquiry message. In other embodiments of the invention, the key may be generated using a specific algorithm based on the recognition string or other information common to the routing devices and the server. However, it is noted that the invention is not limited to the above.
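The following is an added example, not code from the patent, of how the data content 320 described above can be framed and protected. The field widths, the textual ARP-style form of the inquiry, the nonce, the SHA-256 key derivation from the recognition string and the SHA-256 counter-mode keystream used as the cipher are all this example's assumptions; the description fixes only which fields exist and that the recognition string is the basis of the key. The server's rewrite of the last-receiver MAC (Step S206) is shown operating on the raw bytes, because the server needs no key for it.

```python
import hashlib
import struct

# Assumed layout of the data content (the description names the fields, not their widths):
#   6 bytes  transmitter MAC            (inner Ethernet header 321)
#   6 bytes  last-receiver MAC          (inner Ethernet header 321)
#   1 byte   recognition-string length, then the string in cleartext (the server reads it)
#   8 bytes  nonce for the keystream
#   2 bytes  ciphertext length, then the encrypted address-inquiry message (payload 322)
NONCE_LEN = 8


def parse_mac(text):
    """'42:21:1a:f4:ea:27' -> 6 raw bytes."""
    raw = bytes(int(part, 16) for part in text.split(":"))
    if len(raw) != 6:
        raise ValueError("MAC must have six octets")
    return raw


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def derive_key(recognition_string):
    """Key derived from the recognition string alone, as the description states.
    SHA-256 stretching is this example's choice; the page names no KDF."""
    return hashlib.sha256(b"positioning-key:" + recognition_string.encode()).digest()


def keystream_xor(key, nonce, data):
    """Stand-in symmetric cipher: SHA-256 in counter mode XORed over the data.
    The page does not name a cipher; the same call both encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def inquiry_message(virtual_ip):
    """ARP-style 'who is' question carried in the payload (textual form assumed)."""
    return f"ARP: who is {virtual_ip}".encode()


def pack_data_content(src_mac, dst_mac, recognition_string, plaintext, nonce):
    """Build the data content as the transmitting routing device would."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("bad nonce length")
    rs = recognition_string.encode()
    ciphertext = keystream_xor(derive_key(recognition_string), nonce, plaintext)
    return (parse_mac(src_mac) + parse_mac(dst_mac)
            + struct.pack(">B", len(rs)) + rs
            + nonce
            + struct.pack(">H", len(ciphertext)) + ciphertext)


def unpack_header(blob):
    """The fields the server needs in order to route; it never touches the ciphertext."""
    rs_len = blob[12]
    return {"src": format_mac(blob[0:6]), "dst": format_mac(blob[6:12]),
            "recognition": blob[13:13 + rs_len].decode(), "rest_offset": 13 + rs_len}


def rewrite_receiver(blob, new_dst_mac):
    """Server-side rewrite of the last-receiver MAC only (Step S206)."""
    return blob[:6] + parse_mac(new_dst_mac) + blob[12:]


def belongs_to_vpn(blob, recognition_string):
    """Receiver-side membership check on the cleartext recognition string."""
    return unpack_header(blob)["recognition"] == recognition_string


def unpack_data_content(blob, recognition_string):
    """Receiver side: verify the recognition string, then decrypt the inquiry."""
    if not belongs_to_vpn(blob, recognition_string):
        raise ValueError("recognition string mismatch: not our virtual private network")
    hdr = unpack_header(blob)
    off = hdr["rest_offset"]
    nonce = blob[off:off + NONCE_LEN]
    off += NONCE_LEN
    (ct_len,) = struct.unpack(">H", blob[off:off + 2])
    ciphertext = blob[off + 2:off + 2 + ct_len]
    hdr["plaintext"] = keystream_xor(derive_key(recognition_string), nonce, ciphertext)
    return hdr
```

Because the key is derived from the recognition string alone, every party that knows the string (the other routing devices and, as the description allows, the server) holds the same key and can decrypt the inquiry; the encryption hides the virtual IP address from outsiders only. A deployment would also want an authenticated cipher in place of the keystream stand-in used here, since nothing above detects modification of the ciphertext.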
Further referring to FIG. 2, after receiving the positioning request, the server 110 parses it to verify the Ethernet header 321 and the recognition string in the payload 322 (Step S205). In this embodiment, the server 110 then forwards the positioning request to all routing devices of that virtual private network, i.e. all routing devices in the registration form whose recognition string is the same as the one in the positioning request (and thus the same as that of the routing device 120).
It should be noted that the server 110 rewrites the Ethernet header 321 of the data content 320 in the positioning request 30: the last-receiver field is rewritten to each routing device having the same recognition string, while the transmitter field keeps the transmitter of the positioning request, i.e. the routing device 120. After rewriting the Ethernet header 321 in the data content 320 for each routing device, the server 110 transmits the positioning request to each routing device in the virtual private network by unicast (Step S206).
In effect, these unicasts amount to a broadcast by the server 110 to all routing devices having the same recognition string, except that the content sent to each routing device differs slightly (in the receiver field), so it is not a single identical broadcast. In the virtual private network communication system 10, after the routing devices having the same recognition string as the routing device 120 receive the positioning request, they parse it and decrypt the address inquiry message therein (Step S207). Next, each routing device checks whether the virtual IP address in the address inquiry message lies in the virtual subnet of its own private network (Step S208). If a routing device determines that the virtual IP address is not in its virtual subnet, it discards/ignores the positioning request (Step S209).
In this embodiment, the virtual IP address included in the address inquiry message is the virtual IP address of one of the hosts 161-163 in the private network 160, to which the routing device 130 belongs. Therefore, the routing device 130 determines that the virtual IP address in the address inquiry message is in the virtual subnet of the private network thereof. Here, the routing device 130 may acquire the MAC address of the transmitter of the positioning request, i.e. the routing device 120, from the Ethernet header 321 of the data content 320 of the positioning request. Accordingly, the routing device 130 transmits positioning information to the routing device 120 via the server 110 (Steps S210 and S211).
The data structure of the positioning information is the same as that of the positioning request illustrated in FIG. 3. The routing device 130 fills the MAC address of the routing device 120 into the receiver field of the Ethernet header of the data content of the positioning information. Thus, on receiving the positioning information, the server 110 can determine directly from the Ethernet header of the data content that it must be forwarded to the routing device 120.
In addition to the Ethernet header, the data content of the positioning information further includes an encrypted positioning message, which includes a description indicating that the virtual IP address is in the virtual subnet of the private network 160 of the routing device 130. A method for encrypting the positioning message and a data format thereof are similar to those of the address inquiry message and thus will not be repeated hereinafter.
After receiving the positioning information, the routing device 120 parses the positioning information and decrypts the positioning message in the positioning information to acquire a private network portal, i.e. the routing device 130, corresponding to the virtual IP address in the positioning request (Step S212). Accordingly, the virtual private network communication system 10 completes the positioning procedure of the second part.
After the routing device 120 has acquired the positioning information of the object to be connected, the connection procedure of the third part is performed. First, the routing device 120 directly transmits a connection request to the routing device 130 according to the content of the positioning information, so as to establish the connection (Step S213). After receiving the connection request, the routing device 130 verifies it and responds by sending a response message back to the routing device 120 (Step S214). Accordingly, the routing device 120 establishes the connection with the routing device 130 (Step S215). It should be noted that the connection established between the routing devices 120 and 130 is a peer to peer (P2P) connection conforming to Internet Protocol Security (IPsec), such that the private networks 150 and 160, to which the routing devices 120 and 130 belong, can be combined into one virtual private network.
In order to explain the technical content of the invention in further detail, an actual embodiment is described below to exemplify the procedures and steps performed by the aforementioned virtual private network communication system. In this actual embodiment, the MAC addresses of the devices in the virtual private network communication system are set as shown in the following tables.
TABLE 1
Devices and MAC addresses thereof in the system
Name of device        MAC address
Server 110            ff:ff:ff:ff:ff:ff
Routing device 120    42:21:1a:f4:ea:27
Routing device 130    00:ff:7f:0a:81:6d
First, in the registration procedure of the first part, the data content in the registration information that the routing device 120 transmits to the server 110 includes:
{42:21:1a:f4:ea:27, ff:ff:ff:ff:ff:ff,SMB}
The first two fields are the Ethernet header, namely the MAC addresses of the routing device 120 (transmitter) and the server 110 (receiver). The third field is the recognition string SMB.
Likewise, the data content in the registration information that the routing device 130 transmits to the server includes:
{00:ff:7f:0a:81:6d, ff:ff:ff:ff:ff:ff,SMB}
After receiving the registration information, the server 110 records the data content of the registration information in the registration form as shown below:
TABLE 2
Registration form of the server
Name of device        Recognition string    MAC address
Routing device 120    SMB                   42:21:1a:f4:ea:27
Routing device 130    SMB                   00:ff:7f:0a:81:6d
It should be noted that the field of “Name of device” may be selectively implemented and may be attached to the registration information for transmission.
Next, in the positioning procedure of the second part, the routing device 120 transmits a positioning request, as shown below:
{42:21:1a:f4:ea:27, ff:ff:ff:ff:ff:ff, SMB, encrypted message (ARP: who is 10.2.3.100)}
The fourth field is the encrypted address inquiry message.
After receiving the aforementioned positioning request, the server 110 forwards the positioning request to other routing devices, i.e. the routing device 130 in this embodiment, having the same recognition string “SMB” in the virtual private network communication system 10.
{42:21:1a:f4:ea:27, 00:ff:7f:0a:81:6d, SMB, encrypted message (ARP: who is 10.2.3.100)}
It should be noted that the receiver MAC address in the second field has been rewritten to the MAC address of the routing device 130, while the transmitter, the recognition string, and the encrypted message are unchanged.
The routing device 130 also has a connection list stored therein, and after parsing the positioning request, the routing device 130 also stores a connection method of the routing device 120 in the connection list:
TABLE 3
Connection list of routing device 130
Device                UDP connection method
ff:ff:ff:ff:ff:ff     Sock0(server)
42:21:1a:f4:ea:27     Sock0
The UDP connection method Sock0 indicates that in this stage, the routing device 120 can transmit various data to the routing device 130 through connection with the server.
Because the virtual IP address 10.2.3.100 in the address inquiry message is in the virtual subnet of the routing device 130, the routing device 130 sends the positioning information to the routing device 120 via Sock0, i.e. via the forwarding path of the server 110. The data content of the positioning information includes the following information:
{00:ff:7f:0a:81:6d, 42:21:1a:f4:ea:27, SMB, encrypted message (10.2.3.100 is at 00:ff:7f:0a:81:6d)}
Here the transmitter is the routing device 130, the receiver is the routing device 120, and the encrypted positioning message names the MAC address of the routing device 130 as the portal of 10.2.3.100. By parsing the positioning message in the positioning information, the routing device 120 determines that the routing device corresponding to the virtual IP address 10.2.3.100 is the routing device 130.
Meanwhile, the routing device 120 adds the routing device 130 to the connection list:
TABLE 4
Connection list of routing device 120
Device                UDP connection method
ff:ff:ff:ff:ff:ff     Sock0
00:ff:7f:0a:81:6d     Sock0
Thereafter, the routing device 120 establishes the connection with the routing device 130 according to the positioning information. After the connection is established, the connection list of the routing device 120 and the routing device 130 is updated as:
TABLE 5
Connection list of routing device 120 after establishment of P2P connection
Device                UDP connection method
ff:ff:ff:ff:ff:ff     Sock0
00:ff:7f:0a:81:6d     Sock1(P2P)
TABLE 6
Connection list of routing device 130 after establishment of P2P connection
Device                UDP connection method
ff:ff:ff:ff:ff:ff     Sock0
42:21:1a:f4:ea:27     Sock1(P2P)
The UDP connection method Sock1 indicates that the routing devices 120 and 130 are capable of exchanging data in the P2P way.
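To show the registration, positioning and connection procedures of Steps S201-S215 end to end with the values of Tables 1-6, here is an added simulation of the server and routing devices (example code, not the patent's own). The virtual subnets of the devices, the two extra routing devices (one in the same virtual private network with a different subnet, one in a different virtual private network that happens to use the same subnet), the message fields, and the dropping of requests whose recognition string does not match the sender's registration are constructed assumptions; encryption of the inquiry is omitted, so the body is handled as already decrypted.

```python
import ipaddress
from dataclasses import dataclass

SERVER_MAC = "ff:ff:ff:ff:ff:ff"  # Table 1


@dataclass
class Message:
    """Data content of a registration / positioning message. The body stands for the
    decrypted address-inquiry or positioning message; the cipher is left out here."""
    src_mac: str      # transmitter, inner Ethernet header
    dst_mac: str      # last receiver, inner Ethernet header
    recognition: str  # cleartext recognition string
    body: dict


class Server:
    def __init__(self):
        self.registration_form = {}  # MAC address -> recognition string (Table 2)

    def register(self, msg):
        self.registration_form[msg.src_mac] = msg.recognition

    def forward_positioning_request(self, msg):
        """Steps S205-S206: one copy per other member of the same virtual private
        network, with only the receiver MAC rewritten. Senders whose recognition
        string differs from their registration are dropped (an added check)."""
        if self.registration_form.get(msg.src_mac) != msg.recognition:
            return []
        return [Message(msg.src_mac, mac, msg.recognition, msg.body)
                for mac, rs in self.registration_form.items()
                if rs == msg.recognition and mac != msg.src_mac]

    def forward_positioning_info(self, msg):
        """Step S211: the reply already names its receiver; deliver only to a member."""
        return msg if self.registration_form.get(msg.dst_mac) == msg.recognition else None


class RoutingDevice:
    def __init__(self, mac, recognition, virtual_subnet):
        self.mac = mac
        self.recognition = recognition
        self.subnet = ipaddress.ip_network(virtual_subnet)
        self.connections = {SERVER_MAC: "Sock0"}  # connection list, Tables 3-6

    def registration(self):
        return Message(self.mac, SERVER_MAC, self.recognition, {})

    def positioning_request(self, virtual_ip):
        return Message(self.mac, SERVER_MAC, self.recognition, {"who_is": virtual_ip})

    def handle_positioning_request(self, msg):
        """Steps S207-S210: answer only if the asked-for virtual IP is in our subnet."""
        if msg.dst_mac != self.mac or msg.recognition != self.recognition:
            return None
        self.connections.setdefault(msg.src_mac, "Sock0")  # reachable via server (Table 3)
        if ipaddress.ip_address(msg.body["who_is"]) not in self.subnet:
            return None  # Step S209: discard
        return Message(self.mac, msg.src_mac, self.recognition,
                       {"ip": msg.body["who_is"], "is_at": self.mac})

    def handle_positioning_info(self, msg):
        """Step S212: learn which portal serves the virtual IP (Table 4)."""
        if msg.dst_mac != self.mac or msg.recognition != self.recognition:
            return None
        self.connections[msg.body["is_at"]] = "Sock0"
        return msg.body["is_at"]

    def connect_p2p(self, peer):
        """Steps S213-S215, collapsed: both sides upgrade the entry to Sock1(P2P)."""
        self.connections[peer.mac] = "Sock1(P2P)"
        peer.connections[self.mac] = "Sock1(P2P)"


def run_walkthrough():
    """Constructed scenario around the devices of Tables 1-6."""
    server = Server()
    rd120 = RoutingDevice("42:21:1a:f4:ea:27", "SMB", "10.1.0.0/16")    # subnet assumed
    rd130 = RoutingDevice("00:ff:7f:0a:81:6d", "SMB", "10.2.3.0/24")    # holds 10.2.3.100
    rd140 = RoutingDevice("02:00:00:00:01:40", "SMB", "10.3.0.0/16")    # same VPN, other subnet
    rd999 = RoutingDevice("02:00:00:00:09:99", "OTHER", "10.2.3.0/24")  # other VPN, same subnet
    devices = {rd.mac: rd for rd in (rd120, rd130, rd140, rd999)}
    for rd in devices.values():
        server.register(rd.registration())

    copies = server.forward_positioning_request(rd120.positioning_request("10.2.3.100"))
    replies = []
    for copy in copies:
        reply = devices[copy.dst_mac].handle_positioning_request(copy)
        if reply is not None:
            replies.append(reply)
    portal = None
    for reply in replies:
        info = server.forward_positioning_info(reply)
        if info is not None:
            portal = rd120.handle_positioning_info(info)
    if portal is not None:
        rd120.connect_p2p(devices[portal])
    return {"forwarded_to": sorted(c.dst_mac for c in copies), "replies": len(replies),
            "portal": portal, "list_120": dict(rd120.connections),
            "list_130": dict(rd130.connections), "list_140": dict(rd140.connections)}
```

Running run_walkthrough() shows the two filters at work: the request reaches only the SMB members (rd999 never sees it even though 10.2.3.100 lies in its subnet), and of those only the routing device whose virtual subnet contains the address replies, so the routing device 120 ends with a single Sock1(P2P) entry for the routing device 130 while the non-matching member keeps the requester at Sock0.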
The invention also provides a routing device adapted for a virtual private network communication system. FIG. 4 is a block diagram of a routing device according to an embodiment of the invention. Referring to FIG. 4, a routing device 40 includes a network interface unit 410 and a processing unit 420. The network interface unit 410 is connected to a server via the Internet. The processing unit 420 is coupled to the network interface unit 410 and transmits registration information RI to the server via the network interface unit 410, wherein the registration information RI includes a recognition string. The processing unit 420 further transmits a positioning request PR to the server via the network interface unit 410. The processing unit 420 receives positioning information PI from the server via the network interface unit 410, and the processing unit 420 directly connects to a remote routing device via the network interface unit 410 according to the positioning information PI and transmits data after the connection is established.
Details of the routing device 40 may be found in the descriptions of the embodiments of FIG. 1 to FIG. 3 and thus will not be repeated hereinafter. It should be noted that, when actually applied, the routing device 40 usually includes a sub-network interface unit (not shown) for connecting the hosts in the private network thereof (e.g. the private network 150 and the hosts 151-153 shown in FIG. 1) and exchanging data therebetween.
The invention further provides a virtual private network communication method adapted for a routing device in a virtual private network communication system. FIG. 5 is a flowchart illustrating a virtual private network communication method according to an embodiment of the invention. Referring to FIG. 5, the virtual private network communication method includes the following steps. First, in Step S501, registration information is transmitted to a server in the virtual private network communication system, wherein the registration information includes a recognition string. Then, in Step S502, a positioning request is transmitted to the server. Next, in Step S503, positioning information is received from the server, and a remote routing device is directly connected according to the positioning information. Thereafter, in Step S504, data is transmitted after the connection is established. Details of the virtual private network communication method may be found in the descriptions of the embodiments of FIG. 1 to FIG. 3 and thus will not be repeated hereinafter.
In conclusion, the invention provides a virtual private network communication system, a routing device, and a method thereof that perform a registration procedure, a positioning procedure, and a connection procedure to complete the communication connection between the routing devices, and thus between their private networks, in the virtual private network communication system. The system uses a recognition string to distinguish virtual private networks and locates the virtual IP address of a private network according to the positioning request and the recognition string included therein, so as to achieve P2P transmission between two private networks. Even when both routing devices are behind NAT equipment, the virtual private network connection can still be established in a simple way. In addition, the recognition string can serve as the basis of the encryption key, which simplifies key distribution.
It will be apparent to those skilled in the art that various modifications and variations can be made to the disclosed embodiments without departing from the scope or spirit of the invention. In view of the foregoing, it is intended that the invention covers modifications and variations of this disclosure provided that they fall within the scope of the following claims and their equivalents.

Claims (20)

What is claimed is:
1. A virtual private network communication system, comprising:
a server; and
a plurality of routing devices respectively transmitting registration information to the server, wherein the registration information comprises a recognition string, and the recognition string corresponds to a virtual private network, the server obtains and stores the recognition string corresponding to each of the routing devices in response to receiving the registration information,
wherein the routing devices comprise a first routing device and a second routing device, wherein the first routing device transmits a positioning request to the server, and the first routing device acquires positioning information having the MAC address of the second routing device, the positioning request comprises the recognition string of the first routing device and an address inquiry message,
wherein the server transmits the positioning request to a part of or all of the routing devices according to the recognition string of the first routing device by broadcasting the positioning request to the routing devices having the same recognition string which is same as the recognition string of the first routing device,
wherein when the second routing device receives the positioning request, the second routing device fills the MAC address of the second routing device in the positioning information and transmits the positioning information according to the positioning request to the first routing device via the server,
wherein the first routing device directly establishes a connection with the second routing device according to the positioning information having the MAC address of the second routing device and transmits data after the connection is established,
wherein the server stores the MAC address of each of the routing devices when the server receives the registration information transmitted by the routing devices, and the server determines that the routing devices having the same recognition string belong to the same virtual private network.
2. The virtual private network communication system according to claim 1, wherein:
the registration information comprises a header and a data content, wherein the data content comprises the recognition string, a media access control (MAC) address of the server, and a MAC address of the routing device corresponding to the registration information.
3. The virtual private network communication system according to claim 2, wherein:
when the server receives the positioning request from the first routing device, the server parses the positioning request and respectively transmits the positioning request to the routing devices with the same recognition string as the first routing device.
4. The virtual private network communication system according to claim 1, wherein:
the positioning request transmitted by the first routing device comprises a header and a data content, wherein the data content comprises the recognition string, a MAC address of the first routing device, and an address inquiry message.
5. The virtual private network communication system according to claim 4, wherein:
the address inquiry message is an encrypted message, comprising a virtual Internet protocol (IP) address.
6. The virtual private network communication system according to claim 4, wherein:
the first routing device encrypts the address inquiry message according to the recognition string.
7. The virtual private network communication system according to claim 5, wherein:
the second routing device transmits the positioning information to the first routing device via the server according to the MAC address of the first routing device in the positioning request when the second routing device parses the positioning request, decrypts the address inquiry message, and verifies that the virtual IP address in the address inquiry message is a virtual IP address in a private network of the second routing device.
8. The virtual private network communication system according to claim 1, wherein:
the first routing device connects to the second routing device according to the positioning information by a peer to peer (P2P) connection method when the first routing device receives the positioning information, wherein the P2P connection method is an encrypted connection.
9. A routing device, adapted for a virtual private network communication system comprising a server and another routing device, comprising:
a network interface unit connected to the server via an Internet; and
a processing unit coupled to the network interface unit and transmitting registration information to the server via the network interface unit, wherein the registration information comprises a recognition string, and the recognition string corresponds to a virtual private network, wherein the server obtains and stores the recognition string in response to receiving the registration information,
wherein the processing unit further transmits a positioning request via the network interface unit to the server and acquires positioning information having the MAC address of the another routing device, the positioning request comprises the recognition string of the routing device and an address inquiry message, the server broadcasts the positioning request to the another routing device having the same recognition string which is same as the recognition string of the routing device; and
wherein when the another routing device receives the positioning request, the another routing device fills the MAC address of the another routing device in the positioning information and transmits the positioning information according to the positioning request to the routing device via the server,
the processing unit receives the positioning information via the network interface unit in response to the positioning request, and the processing unit directly connects to the another routing device via the network interface unit according to the positioning information having the MAC address of the another routing device and transmits data after the connection is established,
wherein the another routing device having the same recognition string as the routing device belongs to the same virtual private network.
10. The routing device according to claim 9, wherein:
the registration information comprises a header and a data content, wherein the data content comprises the recognition string, a MAC address of the server, and a MAC address of the routing device.
11. The routing device according to claim 9, wherein:
the positioning request comprises a header and a data content, wherein the data content comprises the recognition string, the MAC address of the routing device, and an address inquiry message.
12. The routing device according to claim 9, wherein:
the address inquiry message is an encrypted message, comprising a virtual IP address.
13. The routing device according to claim 12, wherein:
the processing unit encrypts the address inquiry message according to the recognition string.
14. The routing device according to claim 9, wherein:
when the processing unit receives the positioning information, the processing unit connects to the another routing device via the network interface unit according to the positioning information by a P2P connection method, wherein the P2P connection method is an encrypted connection.
15. A virtual private network communication method adapted for a routing device in a virtual private network communication system, the virtual private network communication method comprising:
transmitting, by the routing device, registration information to a server in the virtual private network communication system, wherein the registration information comprises a recognition string, and the recognition string corresponds to a virtual private network, wherein the server obtains and stores the recognition string in response to receiving the registration information;
transmitting, by the routing device, a positioning request to the server and acquiring, by the routing device, positioning information having the MAC address of another routing device, wherein the positioning request comprises the recognition string of the routing device and an address inquiry message, wherein the server broadcasts the positioning request to the another routing device having the same recognition string which is same as the recognition string of the routing device,
wherein when the another routing device receives the positioning request, the another routing device fills the MAC address of the another routing device in the positioning information and transmits the positioning information according to the positioning request to the routing device via the server;
receiving, by the routing device, the positioning information having the MAC address of the another routing device from the server and directly connecting to the another routing device according to the positioning information; and
transmitting data after the connection is established,
wherein the another routing device having the same recognition string as the routing device belongs to the same virtual private network.
16. The virtual private network communication method according to claim 15, wherein:
the registration information comprises a header and a data content, wherein the data content comprises the recognition string, a MAC address of the server, and a MAC address of the routing device corresponding to the registration information.
17. The virtual private network communication method according to claim 15, wherein:
the positioning request comprises a header and a data content, wherein the data content comprises the recognition string, the MAC address of the routing device, and an address inquiry message.
18. The virtual private network communication method according to claim 15, wherein:
the address inquiry message is an encrypted message comprising an Internet protocol (IP) address.
19. The virtual private network communication method according to claim 18, wherein a step before transmitting the positioning request comprises:
encrypting the address inquiry message according to the recognition string.
20. The virtual private network communication method according to claim 18, comprising:
connecting to the another routing device according to the positioning information by a P2P connection method when receiving the positioning information, wherein the P2P connection method is an encrypted connection.
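The registration, server broadcast and positioning exchange that claims 1 to 20 describe, modelled end to end as an added example in Python; this is not code from the patent or from Gemtek. The cipher for the address inquiry is an assumption, since the claims say only that it is encrypted "according to the recognition string": here a SHA-256 counter-mode keystream with an HMAC tag, keyed from the string alone, which makes the recognition string the shared group secret and is why a device must refuse any inquiry whose tag does not verify.

```python
import hashlib, hmac, ipaddress, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:  # SHA-256 in counter mode; constructed stand-in for the unnamed cipher
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt_inquiry(recognition: str, virtual_ip: str) -> dict:
    # Key derived from the recognition string alone (assumption; claims 6/13/19 say only
    # "encrypted according to the recognition string"), encrypt-then-MAC.
    key, nonce, pt = hashlib.sha256(recognition.encode()).digest(), os.urandom(12), virtual_ip.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return {"nonce": nonce, "ct": ct, "tag": hmac.new(key, nonce + ct, "sha256").digest()}

def decrypt_inquiry(recognition: str, msg: dict):
    key = hashlib.sha256(recognition.encode()).digest()
    if not hmac.compare_digest(msg["tag"], hmac.new(key, msg["nonce"] + msg["ct"], "sha256").digest()):
        return None  # wrong recognition string or tampered inquiry: the device must not answer
    ks = _keystream(key, msg["nonce"], len(msg["ct"]))
    return bytes(a ^ b for a, b in zip(msg["ct"], ks)).decode(errors="replace")

class Server:
    def __init__(self):
        self.registry = {}  # recognition string -> {MAC: device}, filled by registration
    def register(self, dev):
        self.registry.setdefault(dev.recognition, {})[dev.mac] = dev
    def broadcast(self, req):
        # Forward only to devices sharing the requester's recognition string (claims 1, 9, 15)
        for mac, dev in self.registry.get(req["recognition"], {}).items():
            if mac != req["src_mac"] and (info := dev.handle_request(req)):
                return info  # positioning information relayed back to the requester
        return None

class RoutingDevice:
    def __init__(self, mac, recognition, lan_cidr):
        self.mac, self.recognition = mac, recognition
        self.lan = ipaddress.ip_network(lan_cidr)
    def locate(self, server, virtual_ip):
        # Positioning request: recognition string, own MAC, encrypted address inquiry (claim 4)
        return server.broadcast({"recognition": self.recognition, "src_mac": self.mac,
                                 "inquiry": encrypt_inquiry(self.recognition, virtual_ip)})
    def handle_request(self, req):
        ip = decrypt_inquiry(self.recognition, req["inquiry"])
        try:
            ok = ip is not None and ipaddress.ip_address(ip) in self.lan
        except ValueError:
            ok = False  # decrypted text is not an IP address
        # Claim 7: answer, filling in own MAC, only when the virtual IP lies in this private network
        return {"dst_mac": req["src_mac"], "mac": self.mac} if ok else None
```

The returned positioning information is what the requesting device would then use for the direct encrypted P2P connection of claims 8, 14 and 20; that connection itself is outside this example.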
US13/802,820 2013-01-18 2013-03-14 Virtual private network communication system, routing device and method thereof Active 2034-01-08 US9419891B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
TW102102047 2013-01-18
TW102102047A TWI493946B (en) 2013-01-18 2013-01-18 Virtual private network communication system, routing device and method thereof
TW102102047A 2013-01-18

Publications (2)

Publication Number Publication Date
US20140207958A1 US20140207958A1 (en) 2014-07-24
US9419891B2 true US9419891B2 (en) 2016-08-16

Family

ID=51208637

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/802,820 Active 2034-01-08 US9419891B2 (en) 2013-01-18 2013-03-14 Virtual private network communication system, routing device and method thereof

Country Status (2)

Country Link
US (1) US9419891B2 (en)
TW (1) TWI493946B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210135987A1 (en) * 2014-10-20 2021-05-06 Causam Enterprises, Inc. Systems, Methods, and apparatus for Communicating Messages of Distributed Private Networks Over Multiple Public Communication Networks

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9143480B2 (en) * 2011-01-10 2015-09-22 Secure Global Solutions, Llc Encrypted VPN connection
US11455181B1 (en) * 2014-09-19 2022-09-27 Amazon Technologies, Inc. Cross-network connector appliances
CN107846430A (en) * 2016-09-19 2018-03-27 北京优朋普乐科技有限公司 Node screening technique and device, the login service device of P2P networks
CN108390941A (en) * 2018-03-20 2018-08-10 浙江臻善科技股份有限公司 End-to-end real time file transmission method, system and first terminal and second terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040006708A1 (en) * 2002-07-02 2004-01-08 Lucent Technologies Inc. Method and apparatus for enabling peer-to-peer virtual private network (P2P-VPN) services in VPN-enabled network
CN1567873A (en) 2003-07-08 2005-01-19 华为技术有限公司 A method of data transmission on VPN
US20070115985A1 (en) * 2005-11-01 2007-05-24 Marconi Communications, Inc. Ring LSP topology for supporting VPNs over MPLS-based networks
TWI302794B (en) 2005-03-09 2008-11-01
US20140101324A1 (en) * 2012-10-10 2014-04-10 International Business Machines Corporation Dynamic virtual private network
US20140115325A1 (en) * 2012-10-24 2014-04-24 Cisco Technology, Inc. Simplified Mechanism for Multi-Tenant Encrypted Virtual Networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Office Action of Taiwan Counterpart Application" , issued on Jan. 23, 2015, p. 1-p. 10.

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210135987A1 (en) * 2014-10-20 2021-05-06 Causam Enterprises, Inc. Systems, Methods, and apparatus for Communicating Messages of Distributed Private Networks Over Multiple Public Communication Networks
US11770335B2 (en) * 2014-10-20 2023-09-26 Causam Enterprises, Inc. Systems, methods, and apparatus for communicating messages of distributed private networks over multiple public communication networks

Also Published As

Publication number Publication date
US20140207958A1 (en) 2014-07-24
TW201431336A (en) 2014-08-01
TWI493946B (en) 2015-07-21

Legal Events

Date Code Title Description
AS Assignment

Owner name: GEMTEK TECHNOLOGY CO., LTD., TAIWAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TAN, DER-HWA;LAI, MING-YEN;HUANG, MIN-WEI;REEL/FRAME:030054/0814

Effective date: 20130313

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8